本文整理汇总了Python中elastalert.elastalert.ElastAlerter.modify_rule_for_ES5方法的典型用法代码示例。如果您正苦于以下问题:Python ElastAlerter.modify_rule_for_ES5方法的具体用法?Python ElastAlerter.modify_rule_for_ES5怎么用?Python ElastAlerter.modify_rule_for_ES5使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类elastalert.elastalert.ElastAlerter的用法示例。
在下文中一共展示了ElastAlerter.modify_rule_for_ES5方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_file
# 需要导入模块: from elastalert.elastalert import ElastAlerter [as 别名]
# 或者: from elastalert.elastalert.ElastAlerter import modify_rule_for_ES5 [as 别名]
def test_file(self, conf, args):
""" Loads a rule config file, performs a query over the last day (args.days), lists available keys
and prints the number of results. """
if args.schema_only:
return []
# Set up Elasticsearch client and query
es_client = elasticsearch_client(conf)
try:
is_five = es_client.info()['version']['number'].startswith('5')
except Exception as e:
print("Error connecting to ElasticSearch:", file=sys.stderr)
print(repr(e)[:2048], file=sys.stderr)
return None
if is_five:
ElastAlerter.modify_rule_for_ES5(conf)
start_time = ts_now() - datetime.timedelta(days=args.days)
end_time = ts_now()
ts = conf.get('timestamp_field', '@timestamp')
query = ElastAlerter.get_query(conf['filter'], starttime=start_time, endtime=end_time, timestamp_field=ts, five=is_five)
index = ElastAlerter.get_index(conf, start_time, end_time)
# Get one document for schema
try:
res = es_client.search(index, size=1, body=query, ignore_unavailable=True)
except Exception as e:
print("Error running your filter:", file=sys.stderr)
print(repr(e)[:2048], file=sys.stderr)
return None
num_hits = len(res['hits']['hits'])
if not num_hits:
return []
terms = res['hits']['hits'][0]['_source']
doc_type = res['hits']['hits'][0]['_type']
# Get a count of all docs
count_query = ElastAlerter.get_query(conf['filter'], starttime=start_time, endtime=end_time, timestamp_field=ts, sort=False, five=is_five)
try:
res = es_client.count(index, doc_type=doc_type, body=count_query, ignore_unavailable=True)
except Exception as e:
print("Error querying Elasticsearch:", file=sys.stderr)
print(repr(e)[:2048], file=sys.stderr)
return None
num_hits = res['count']
print("Got %s hits from the last %s day%s" % (num_hits, args.days, 's' if args.days > 1 else ''))
print("\nAvailable terms in first hit:")
print_terms(terms, '')
# Check for missing keys
pk = conf.get('primary_key')
ck = conf.get('compare_key')
if pk and not lookup_es_key(terms, pk):
print("Warning: primary key %s is either missing or null!", file=sys.stderr)
if ck and not lookup_es_key(terms, ck):
print("Warning: compare key %s is either missing or null!", file=sys.stderr)
include = conf.get('include')
if include:
for term in include:
if not lookup_es_key(terms, term) and '*' not in term:
print("Included term %s may be missing or null" % (term), file=sys.stderr)
for term in conf.get('top_count_keys', []):
# If the index starts with 'logstash', fields with .raw will be available but won't in _source
if term not in terms and not (term.endswith('.raw') and term[:-4] in terms and index.startswith('logstash')):
print("top_count_key %s may be missing" % (term), file=sys.stderr)
print('') # Newline
# Download up to 10,000 documents to save
if args.save and not args.count:
try:
res = es_client.search(index, size=10000, body=query, ignore_unavailable=True)
except Exception as e:
print("Error running your filter:", file=sys.stderr)
print(repr(e)[:2048], file=sys.stderr)
return None
num_hits = len(res['hits']['hits'])
print("Downloaded %s documents to save" % (num_hits))
return res['hits']['hits']